Danger

This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

DSA¶

DSA is a public-key algorithm for signing messages.

Generation¶

cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key(key_size, backend)¶

New in version 0.5.

Generate a DSA private key from the given key size. This function will generate a new set of parameters and key in one step.

Parameters:	key_size (int) – The length of the modulus in bits. It should be either 1024, 2048 or 3072. For keys generated in 2015 this should be at least 2048 (See page 41). Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still restricted to only the 1024-bit keys specified in FIPS 186-2. backend – A `DSABackend` provider.
Returns:	A `DSAPrivateKey` provider.
Raises:	cryptography.exceptions.UnsupportedAlgorithm – This is raised if the provided `backend` does not implement `DSABackend`

cryptography.hazmat.primitives.asymmetric.dsa.generate_parameters(key_size, backend)¶

New in version 0.5.

Generate DSA parameters using the provided backend.

Parameters:	key_size (int) – The length of the modulus in bits. It should be either 1024, 2048 or 3072. For keys generated in 2015 this should be at least 2048 (See page 41). Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still restricted to only the 1024-bit keys specified in FIPS 186-2. backend – A `DSABackend` provider.
Returns:	A `DSAParameters` provider.
Raises:	cryptography.exceptions.UnsupportedAlgorithm – This is raised if the provided `backend` does not implement `DSABackend`

Signing¶

Using a DSAPrivateKey provider.

>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.asymmetric import dsa
>>> private_key = dsa.generate_private_key(
...     key_size=1024,
...     backend=default_backend()
... )
>>> signer = private_key.signer(hashes.SHA256())
>>> data = b"this is some data I'd like to sign"
>>> signer.update(data)
>>> signature = signer.finalize()

The signature is a bytes object, whose contents is DER encoded as described in RFC 3279. This can be decoded using decode_dss_signature().

Verification¶

Verification is performed using a DSAPublicKey provider. You can get a public key object with load_pem_public_key(), load_der_public_key(), public_key() , or public_key().

>>> public_key = private_key.public_key()
>>> verifier = public_key.verifier(signature, hashes.SHA256())
>>> verifier.update(data)
>>> verifier.verify()

verifier() takes the signature in the same format as is returned by signer.finalize().

verify() will raise an InvalidSignature exception if the signature isn’t valid.

Numbers¶

class cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers(p, q, g)¶

New in version 0.5.

The collection of integers that make up a set of DSA parameters.

p¶

Type:	int

The public modulus.

q¶

Type:	int

The sub-group order.

g¶

Type:	int

The generator.

parameters(backend)¶

Parameters:	backend – A `DSABackend` provider.
Returns:	A new instance of a `DSAParameters` provider.

class cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers(y, parameter_numbers)¶

New in version 0.5.

The collection of integers that make up a DSA public key.

y¶

Type:	int

The public value y.

parameter_numbers¶

Type:	`DSAParameterNumbers`

The DSAParameterNumbers associated with the public key.

public_key(backend)¶

Parameters:	backend – A `DSABackend` provider.
Returns:	A new instance of a `DSAPublicKey` provider.

class cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers(x, public_numbers)¶

New in version 0.5.

The collection of integers that make up a DSA private key.

Warning

Revealing the value of x will compromise the security of any cryptographic operations performed.

x¶

Type:	int

The private value x.

public_numbers¶

Type:	`DSAPublicNumbers`

The DSAPublicNumbers associated with the private key.

private_key(backend)¶

Parameters:	backend – A `DSABackend` provider.
Returns:	A new instance of a `DSAPrivateKey` provider.

Key interfaces¶

class cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters¶

New in version 0.3.

DSA parameters.

generate_private_key()¶

New in version 0.5.

Generate a DSA private key. This method can be used to generate many new private keys from a single set of parameters.

Returns:	A `DSAPrivateKey` provider.

class cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers¶

New in version 0.5.

Extends DSAParameters.

parameter_numbers()¶

Create a DSAParameterNumbers object.

Returns:	A `DSAParameterNumbers` instance.

class cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey¶

New in version 0.3.

A DSA private key.

public_key()¶

Returns:	`DSAPublicKey`

An DSA public key object corresponding to the values of the private key.

parameters()¶

Returns:	`DSAParameters`

The DSAParameters object associated with this private key.

signer(algorithm, backend)¶

New in version 0.4.

Sign data which can be verified later by others using the public key. The signature is formatted as DER-encoded bytes, as specified in RFC 3279.

Parameters:	algorithm – An instance of a `HashAlgorithm` provider. backend – A `DSABackend` provider.
Returns:	`AsymmetricSignatureContext`

key_size¶

Type:	int

The bit length of the modulus.

class cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization¶

New in version 0.8.

Extends DSAPrivateKey.

private_numbers()¶

Create a DSAPrivateNumbers object.

Returns:	A `DSAPrivateNumbers` instance.

private_bytes(encoding, format, encryption_algorithm)¶

Allows serialization of the key to bytes. Encoding ( PEM or DER), format ( TraditionalOpenSSL or PKCS8) and encryption algorithm (such as BestAvailableEncryption or NoEncryption) are chosen to define the exact serialization.

Parameters:	encoding – A value from the `Encoding` enum. format – A value from the `PrivateFormat` enum. encryption_algorithm – An instance of an object conforming to the `KeySerializationEncryption` interface.
Return bytes:	Serialized key.

class cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey¶

New in version 0.3.

A DSA public key.

key_size¶

Type:	int

The bit length of the modulus.

parameters()¶

Returns:	`DSAParameters`

The DSAParameters object associated with this public key.

verifier(signature, algorithm, backend)¶

New in version 0.4.

Verify data was signed by the private key associated with this public key.

Parameters:	signature (bytes) – The signature to verify. DER encoded as specified in RFC 3279. algorithm – An instance of a `HashAlgorithm` provider. backend – A `DSABackend` provider.
Returns:	`AsymmetricVerificationContext`

public_numbers()¶

Create a DSAPublicNumbers object.

Returns:	A `DSAPublicNumbers` instance.

public_bytes(encoding, format)¶

Allows serialization of the key to bytes. Encoding ( PEM or DER) and format ( SubjectPublicKeyInfo) are chosen to define the exact serialization.

Parameters:	encoding – A value from the `Encoding` enum. format – A value from the `PublicFormat` enum.
Return bytes:	Serialized key.

class cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization¶: New in version 0.8.

Alias for DSAPublicKey.

DSA¶

Generation¶

Signing¶

Verification¶

Numbers¶

Key interfaces¶

Table Of Contents

Previous topic

Next topic

This Page